Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

site keeps getting hacked


srober

Recommended Posts

I keep getting emails from others saying that my site is producing phishing

scamming. I keep deleting the added files but they keep reappearing. What can I do to keep this from happening? How are they evening getting the files in the site? Any help would be appreciated.

Link to comment
Share on other sites

Most likely the intruders used the standard directories of OSC. I've mentioned a couple of times before to change the folders like /images which are set to chmod 777 to another name, so the usual attacks run into nothing. Anyways, you can restrict those directories via .htaccess.

Link to comment
Share on other sites

Most likely the intruders used the standard directories of OSC. I've mentioned a couple of times before to change the folders like /images which are set to chmod 777 to another name, so the usual attacks run into nothing. Anyways, you can restrict those directories via .htaccess.

 

Can I just change the permission to where there is not write access? I did a few searches on the topic and have seen the .htaccess suggestions but I dont know what that means. I am a novice at best the site is only used 3 months out of the year as a registration site for a once a year event.

 

Thanks

Link to comment
Share on other sites

No, you can't change the permissions, since the site won't work anymore then unfortunately. As I said, rename those folders and change the setting accordingly in your /includes/configure.php as well as in admin/includes/configure.php. To get more informations about .htaccess just google for it.

Link to comment
Share on other sites

Just out of curiosity but how does one do it to begin with? Some of the files that been tampered with other than images was a file I called PDF with permission set at 755. I just wonder how they do it. Why they would target any particular site, especially mine since its not well known and only gets used 3 months out of a year. If they did that much should I fear that the customer info has been breeched? This is something that really had me nervous now.

Link to comment
Share on other sites

It's hard to say, if anyone has hacked your database. How secure your site is, depends on the scripts, the setup of the webserver with mysql/PHP and your configurations.

 

If your site can be found at google or any other search engines it is not hard for those people to add them to their list of pontential hacking targets. Due to the fact that you can't avoid those attemps completely it is recommended to view the server protocols on a regular basis, so you can take action if you spot them.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...